SimonMed Imaging reported a cybersecurity incident at the beginning of this year in which unauthorized individuals accessed patient information through one of its vendors. The radiology practice in Scottsdale, Arizona said that a vendor notified it on January 27, 2025 about a security incident. SimonMed began investigating its own systems and, on January 28, 2025, identified suspicious activity within the SimonMed network. It took immediate action to contain the incident and initiated a forensic investigation to determine the scope of the compromise of its systems and the nature of the unauthorized activity.
The investigation established that an unauthorized individual had direct access to its systems from January 21, 2025 to February 5, 2025. Analysis of the impacted files is still in progress to identify the people whose information was compromised. The initial results, however, indicate the exposure and potential theft of the following information: names, addresses, dates of birth, dates of service, provider names, health record numbers, patient numbers, health condition details, diagnosis/treatment data, prescription drugs, medical insurance details, and driver’s license numbers. The information compromised in the incident differs from person to person.
SimonMed stated that it implemented several measures to enhance security in response to the incident: improving multifactor authentication, resetting passwords, using endpoint detection and response (EDR) monitoring, and revoking third-party vendor access to SimonMed’s systems and related resources. Updating its employees’ HIPAA training is also recommended. As the investigation proceeds, more technical safeguards will be put in place to reinforce current protections.
SimonMed did not name the threat group responsible for the attack, and it has not confirmed whether ransomware was used. The Medusa ransomware group has claimed responsibility for the cyberattack, saying it stole over 212 GB of data, and posted evidence of the breach on its data leak website. Medusa said it demanded that SimonMed pay a $1 million ransom by February 21, 2025. SimonMed is facing one class action lawsuit over the incident. The HHS’ Office for Civil Rights breach portal has not yet posted any data breach concerning SimonMed, so it is uncertain how many people were impacted.